The verification collateral update initiated on November 12, 2024 (tcbEvaluationDataNumber = 18, for update = “early” calls) uncovered an issue with the Intel DCAP Quote Verification Library (QVL) where the QVL omits advisoryIDs listed in the tdxModuleIdentities structure, resulting in an incomplete advisoryID list (for example, a tcbStatus value of OutOfDate may be expected to have a list of 7 advisoryIDs that provides the user with insight on which updates are required, and only 5 advisoryIDs are listed).
INTEL-SA-01036 and INTEL-SA-01099 are omitted from the full expected list. Due to the anticipated 2025 timing of the availability of a new version of the Intel DCAP QVL software, as well as the need to provide the ecosystem with sufficient time to transition to the new version of the software, Intel has implemented a data workaround by including these advisoryIDs in the tdxtcbcomponents structure responses when appropriate (i.e. for a tcbStatus value other than UpToDate) for Sapphire Rapids and Emerald Rapids products. This data workaround results in improved responses in the QVL output, but does not completely address the behavior, as reflected in the table immediately below.
Under-reporting means several SA values that would be expected to be in the advisoryID list are not.
Over-reporting means several SA values that would be expected to be in the advisoryID list are present, but appear multiple times.
Intel(R) 4th and 5th Generation Xeon(R) Scalable Processors (formerly code-named Sapphire Rapids and Emerald Rapids):
| TDX module TCB | Rest of TCB | Workaround | No workaround |
|---|---|---|---|
| Up to date | Up to date | Ok | Ok |
| Out of date | Up to date | Under-reporting | Under-reporting |
| Up to date | Out of date | Over-reporting | Ok |
| Out of date | Out of date | Ok | Under-reporting |
Sierra Forest processors are not included in scope for the November 12 verification collateral update, and thus the QVL would under-report the advisoryID lists for a tcbStatus value response other than UpToDate:
Intel(R) Xeon 6 Processors (formerly code-named Sierra Forest)
| TDX module TCB | Rest of TCB | Workaround | No workaround |
|---|---|---|---|
| Up to date | Up to date | N/A | Ok |
| Out of date | Up to date | N/A | Under-reporting |
| Up to date | Out of date | N/A | Ok |
| Out of date | Out of date | N/A | Under-reporting |
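
A relying party can cross-check a verifier's advisoryID list against the collateral itself. The sketch below is an added example, not Intel or QVL code: it builds the expected set as the union of the matched platform level's advisoryIDs and the matched tdxModuleIdentities level's advisoryIDs, then labels a reported list using the under-reporting and over-reporting definitions above. Assumptions: the field names `tcbLevels`, `tcb`, `isvsvn` and `id`, the constructed sample data, and passing the already-matched platform level as an index instead of re-implementing platform TCB matching.

```python
from collections import Counter

# Constructed fragment shaped like TDX TCB Info; levels and isvsvn values are made up.
SAMPLE_TCB_INFO = {
    "tcbLevels": [  # platform ("rest of TCB") levels, newest first
        {"tcbStatus": "UpToDate", "advisoryIDs": []},
        {"tcbStatus": "OutOfDate", "advisoryIDs": ["INTEL-SA-PLACEHOLDER-A"]},
    ],
    "tdxModuleIdentities": [{
        "id": "TDX_01",
        "tcbLevels": [
            {"tcb": {"isvsvn": 4}, "tcbStatus": "UpToDate", "advisoryIDs": []},
            {"tcb": {"isvsvn": 2}, "tcbStatus": "OutOfDate",
             "advisoryIDs": ["INTEL-SA-01036", "INTEL-SA-01099"]},
        ],
    }],
}

def module_level(tcb_info, module_id, isvsvn):
    """Return the highest TDX module TCB level whose isvsvn the module meets."""
    for ident in tcb_info["tdxModuleIdentities"]:
        if ident["id"] != module_id:
            continue
        for level in sorted(ident["tcbLevels"], key=lambda l: l["tcb"]["isvsvn"], reverse=True):
            if isvsvn >= level["tcb"]["isvsvn"]:
                return level
    raise LookupError(f"no TDX module TCB level for {module_id} isvsvn={isvsvn}")

def expected_advisories(tcb_info, platform_level_index, module_id, isvsvn):
    """Union of the platform level's and the TDX module level's advisoryIDs."""
    platform = tcb_info["tcbLevels"][platform_level_index]
    module = module_level(tcb_info, module_id, isvsvn)
    return set(platform["advisoryIDs"]) | set(module["advisoryIDs"])

def classify(reported, expected):
    """Compare a verifier's advisoryID list with the expected set."""
    counts = Counter(reported)
    missing = sorted(expected - set(counts))          # expected but absent
    duplicated = sorted(a for a, n in counts.items() if n > 1)  # listed more than once
    if missing:
        return "under-reporting", missing, duplicated
    if duplicated:
        return "over-reporting", missing, duplicated
    return "ok", missing, duplicated
```

When a list is classified as under-reporting, the `missing` entries are the advisories an operator would otherwise not see when deciding which updates are required.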